Hacking Your Phone (opens in new tab)

(cbsnews.com)

66 pointsmattee10y ago13 comments

13 comments

13 comments · 5 top-level

jtokoph10y ago· 5 in thread

It looks like the demo they do with the reporter leaves out a the part where the "landing page" for the wifi prompts the user to install a new root certificate on the device so that his proxy can listen in on all of the traffic.

This is the smartphone version of fake pirated media that asks you to download a special desktop "media player" that ends up just being malware. The average user will just accept whatever prompts they are given for free access to wifi. Certificate pinning will be much more important once this becomes mainstream.

bsilvereagle10y ago

> Certificate pinning will be much more important once this becomes mainstream.

On the flip side, certificate pinning prevents an end user from seeing what data an app is transmitting. Standard Man-in-the-Middle solutions like Burp no longer work when an app is cert pinning.

The only way (to my knowledge) to overcome this isto attach a debugger to the app and manually strip the ssl or view the packets prior to being sent.

therein10y ago

> The only way (to my knowledge) to overcome this isto attach a debugger to the app and manually strip the ssl or view the packets prior to being sent.

And that is the very intention.

Both as a user and a software engineer I find this perfectly natural. The app developer could have implemented this himself or just used public-key encryption on top of his HTTPS enabled but not certificate-pinned application.

anontestuser23410y ago

will certificate pinning flag anything if the user installs a new root cert on their device?

JonathonW10y ago

That depends. I'm not sure what iOS or Android do here, but Chrome (as an example, since its behavior is well-documented) does not perform pin validation when the presented certificate chains up to a private trust anchor (i.e. a user-installed root cert) [1]. This was a deliberate choice on the part of the Chrome team, to allow this type of MITM (presumably because it's not uncommon in enterprise environments).

[1] http://www.chromium.org/Home/chromium-security/security-faq#...

trakout10y ago

Typically the app that uses certificate pinning will just cease to use data during a typical mitm attack. Kind of like going into airplane mode.

samfisher8310y ago· 1 in thread

The interesting part of the story is how the NSA knows about this and they really don't want ss7 to be fixed as they can exploit it.

Cheyana10y ago

Also interesting was the first reason he gave for being angry:

"Rep. Ted Lieu: They could hear any call of pretty much anyone who has a smartphone. It could be stock trades you want someone to execute."

Yeah, you wouldn't want the public to know about the insider gravy train you hopped on when you were elected, huh Ted?

kijeda10y ago· 1 in thread

This story appears very similar to one done by the Australian edition of 60 Minutes last year:

http://www.9jumpin.com.au/show/60minutes/stories/2015/august...

hellbanner10y ago

Ah, good memory.

See also "The news is controlled" -- anchors from different stations using the same lines.

https://www.youtube.com/watch?v=kip2w-DceV0

wille9210y ago· 1 in thread

As someone who is unfamiliar with this ss7 vulnerability, does anyone have a more in-depth technical overview?

at-fates-hands10y ago

This was getting some headlines a few years ago, but most engineers have known about it for years

https://www.sans.org/reading-room/whitepapers/critical/fall-...

99999999999910y ago

Hungry shark

j / k navigate · click thread line to collapse